cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to change Port Dynatrace Managed (Web UI 443)

dynatrace20
Helper

Can I change the default port Dynatrace Managed (Web UI 443) to another port?

7 REPLIES 7

BabarQayyum
Leader

Hello @dynatrace A.

I guess it can be possible only if we use our own trusted SSL certificate, but someone else in the community can correct this understanding.

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/installation/instal...

Regards,

Babar

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

Theoretically, it is possible by modifying a rule in iptables that redirects traffic from 443 to 8022 (NGINX). However, such a modification is not supported as many places in communication will refer to :443 port hardcoded.

What you may want to do instead, is to set up a load balancer exposed on a custom port and keep Dynatrace Managed hidden behind.

Hello @Radoslaw S.

We have the suggested setup referred to in your comments, but the only difference that we are using port 443 (because the cluster node is listening on port 443).

I just wanted to know where/how to use the custom port.

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/which...

Regards,

Babar

Hi Babar,

as you see:

443 is Routed to local port 8022 using an iptables' prerouting rule. This port must remain open. All Dynatrace communication to the cluster is handled over secure socket HTTPS communication (port 443) with strong cryptography to guarantee your data privacy.


So Dynatrace Managed nodes does not actually listen on 443. You could either have your LB redirect to :443 port or :8022 (NGINX) - in these cases you don't need to care about cookies/session-stickiness as NGINX handle that. Or you can redirect to :8021 (server) - in that case you need to care of session-stickiness.

There's also an option you disable firewall service (clear iptable rules) and manage it by your own to set it up.

Hello @Radoslaw S.

Now I understood the idea that there is an already prerouting configured rule from 443 to 8022, so for the LB SSL certificate, we can use the 8022 instead of the 443.

Is my understanding correct?

Regards,

Babar

yes, you should be able to

Hello @Radoslaw S.

Thank you for the endorsement.

@dynatrace A.

Now you can implement the same solution to achieve your objectives.

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-managed/configuration/which...

Regards,

Babar